Companies must adhere to data privacy laws for personal data. A core requirement of data privacy is to use personal data only for particular business purposes and to erase them as soon as possible. Often personal data cannot be erased because of regulations regarding legal retention periods. When legal retention periods apply, retained personal data has to be blocked to restrict access to this data. After the retention period, the personal data may be deleted.
To comply with data privacy laws, processes for blocking access to personal data after residence time, and erasure from both a database and any archiving system after retention time must be done. Requirements concerning dependencies between the business partner and the enterprise application components and multi-system aspects must also be followed.